> -----Original Message-----
> From: COSE <[email protected]> On Behalf Of
> [email protected]
> Sent: Wednesday, August 22, 2018 7:14 AM
> To: [email protected]
> Cc: [email protected]; [email protected]
> Subject: [COSE] AES/FIPS Approved Algorithm Usage
>
> All,
>
> In the context of SUIT we did some analysis how to 'map' SUIT Manifest and
> Payload into some COSE Crypto Containers with the focus on usage of
> Algorithms, with the following properties:
>
> (1) Usage of FIPS Approved Algorithms AND
> (2) Usage of Cipher (AES) Based Algorithms
>
> Below are some observations, potential suggestions based on our current
> understanding we would like to share, in case others have interest in
usage of
> AES Based/FIPS Approved Algorithms in COSE.
>
>
> A. Cipher Based MAC [COSE-9.2]
>
> Currently AES-CBC-MAC is specified in COSE.
> Algorithm Identifier for AES-CMAC as specified in [800-38B]/[RFC4493]
would
> allow the FIPS approved AES-CMAC Algorithm for usage in COSE MAC Crypto
> Containers.
>
>
> B. Key Derivation Functions [COSE-11]
>
> For KDF Usage of Secrets that are _uniformly random_:
>
> _PRF_ Algorithm Identifier(s) based on CMAC, as specified in [800-
> 38B]/[RFC4493] and approved in [800-108] would allow for an FIPS Approved
> Cipher based PRF.
>
> _KDF_ Algorithm Identifier(s) (specifying Modes of Iteration) that refer
to [800-
> 108] FIPS Approved KDF Algorithm would present a preferred option to allow
> the Cipher based FIPS Approved KDFs in COSE, since [800-108] seems to be
the
> relevant FIPS Approved KDF Spec for the use case of secrets that are
_uniformly
> random_.
>
>
> C. Content Key Distribution 'Direct Key with KDF' [COSE-12.1.2]
>
> Algorithm Identifiers for Direct Key with KDF using the KDFs from PointÂ
B.
> above would allow Cipher based FIPS Approved 'Direct Key with KDF' in
Content
> Key Distribution/ Recipient Algorithms in COSE.
>
>
> D. AES Key Wrap [COSE-12.2.1]
>
> COSE Key Wrap is referring to [RFC3394], which is satisfying NIST Key Wrap
> Requirements.
> My understanding is that COSE usage of [RFC3394] supports AES Key Wrap
> (KW) Mode of [800-38F], but does not support AES Key Wrap with Padding
> (KWP) Mode of [800-38F].
> Algorithm Identifier for KWP would provide and additional Approved Key
Wrap
> Mode within COSE.
I am trying to figure out what you believe that is going to be added by
this. Unless you see a need to have authenticated attributes at the key
wrap level there is no additional benefit from using the KWP mode rather
than the KW mode. As these have the same construction and are built on the
same primitive they have the same set of variabilities.
Jim
>
>
>
> Thanks,
> Markus
>
>
> [COSE-9.2] https://tools.ietf.org/html/rfc8152#section-9.2
> [COSE-ref] https://tools.ietf.org/html/rfc8152#ref-MAC
> [COSE-11] https://tools.ietf.org/html/rfc8152#section-11
> [COSE-12.1.2] https://tools.ietf.org/html/rfc8152#section-12.1.2
> [COSE-12.2.1] https://tools.ietf.org/html/rfc8152#section-12.2.1
>
>
> [RFC4493] https://tools.ietf.org/html/rfc4493
> [800-38B] https://csrc.nist.gov/publications/detail/sp/800-38b/final
>
> [800-108] https://csrc.nist.gov/publications/detail/sp/800-108/final
>
> [800-38F] https://csrc.nist.gov/publications/detail/sp/800-38f/final
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
